package main

import (
	"github.com/gin-gonic/gin"
	"go-sec-code/router"
	"net/http"
)

func main() {
	engine := gin.Default()
	engine.GET("/echo", func(ctx *gin.Context) {
		ctx.String(http.StatusOK, "Hello world")
	})

	r := engine.Group("gosec")
	r.GET("/forward", func(ctx *gin.Context) {
		path := ctx.Query("path")
		if isSafePath(path) {
			// 设置转发路径
			ctx.Request.URL.Path = path
			// 转发
			engine.HandleContext(ctx)
		} else {
			ctx.String(http.StatusBadRequest, "Invalid path")
		}
	})

	fileHandler := router.NewFileHandler()
	fileHandler.RegisterRoutes(r)
	execHandler := router.NewExecHandler()
	execHandler.RegisterRoutes(r)
	userListHandler := router.NewGetUserListHandler()
	userListHandler.RegisterRoutes(r)
	ssrfHandler := router.NewGetSsrfHandler()
	ssrfHandler.RegisterRoutes(r)
	codeInjectionHandler := router.NewCodeInjectionHandler()
	codeInjectionHandler.RegisterRoutes(r)
	redirectHandler := router.NewRedirectHandler()
	redirectHandler.RegisterRoutes(r)
	connStrHandler := router.NewConnStrHandler()
	connStrHandler.RegisterRoutes(r)
	resInHandler := router.NewResInHandler()
	resInHandler.RegisterRoutes(r)
	csrfHandler := router.NewCsrfHandler()
	csrfHandler.RegisterRoutes(r)
	sqlInHandler := router.NewSqlInHandler()
	sqlInHandler.RegisterRoutes(r)

	engine.Run("0.0.0.0:8000")
}

func isSafePath(path string) bool {
	whitelistPath := []string{"/login", "logout"}
	for _, whitePath := range whitelistPath {
		if path == whitePath {
			return true
		}
	}
	return false
}